When it matters: Safeguarding your organization from the insider threat

By Jen Dunham, Solution Architect, SAS

Does your organization have sensitive information and assets that, if compromised, could result in a negative impact to others? Does your organization have a system in place to look for these types of threats? Does it have a method of identifying, prioritizing and monitoring behaviors? If not, that’s a big problem.

In the past year, 69 percent of C-level security professionals reported data corruption or attempted theft by company insiders, according to a recent report conducted by Accenture and HfS Research.

Cybercrime is now one of the fastest-growing and sophisticated industries, thanks to the explosive growth of digital data stores. While the financial, health care and insurance industries have been particularly hard hit by fraud-related financial losses, every sector is at risk. A 2015 Intel Security survey notes that the data theft in 43 percent of surveyed cases was the fault of insiders (half of which was accidental); in 68 percent, it was serious enough to require public disclosure; and, in 64 percent, security professionals thought that data loss-prevention technology could have averted the events.

Advanced analytics not only significantly reduces the time and cost of
analyzing behavioral and other data, but also offers cutting-edge ways to
mitigate risks related to insider threats.

In the face of evolving threats, today’s fraud detection technologies have to be flexible and nimble. Automated risk detection is a crucial component of decision advantage, but manipulating large stores of data is, traditionally, expensive. Advanced analytics changes that. Advanced analytics not only significantly reduces the time and cost of analyzing behavioral and other data, but also offers cutting-edge ways to mitigate risks related to insider threats.

SAS recently hosted a seminar to help agencies understand the full scope of modern insider threats and the technical advances that can identify previously overlooked risk indicators. As part of the event, I participated on a panel with US Cyberpol Representative Jay McGowan and Bloomberg Government Senior Defense Analyst Robert Levinson. Our session demonstrated how agencies can thwart attacks by improving internal awareness of insider threats and better leveraging their data to reduce risk.

Typically, the term “insider threat” provokes thoughts of aggressive acts – sabotage, theft, espionage, materials theft and abusing rights access – that are deliberately designed to negatively affect an organization from within. But, as McGowan explained, most insider attacks rarely show overt indications of espionage. Instead they usually are represented as subtler actions, over long periods of time, making them difficult to detect. Additionally, while it may be tempting to characterize perpetrators as disgruntled, an attack’s underlying motive may actually lie with outsiders who seek to capitalize on innocent or weak insiders to do their heavy lifting.

McGowan noted that an organization’s lack of periodic, top-down education on potentially fraudulent activities and vulnerabilities puts all employees – even the most well-intentioned – at risk of compromising protected information.

Most organizations do not have a cross-functional cyberrisk team, so there must be ground-level coordination with all entities to establish a critical data risk knowledge set and a related strategy (including, for instance, identifying which employees travel internationally and who knows about it; or whether and how the organization evaluates related data security and risks). By conducting a detailed audit of compliance and security items, such as sensitive information (Social Security numbers, HR records, intellectual property) and system access, leaders can better evaluate technologies that can facilitate risk detection and information sharing across teams.

As I shared on the panel, advanced analytics offers an unadulterated view of organizationwide vulnerabilities, known and unknown, in real time. Analytics can analyze behavior in context and, essentially, serve as a self-learning feedback loop – one that provides all of the necessary information the organization needs to decide whether to take action. By applying the software to just a handful of data sets, you can spot preliminary fraud indicators and trends that can help with early detection. This information can include graphs of daily risk scores with peer comparison and high-risk activity patterns.

While we would all love to unleash a team of PhD statisticians armed with the most powerful analytics available, agencies face another reality – one with tight budgets. There are some things agencies should consider when contemplating using analytics to uncover insider threats.

Power to the people

Consider technologies that turn agency personnel into “citizen data scientists.” Nonstatisticians, like me, can harness the power of advanced analytics. Visual analytics guides novice users through modeling scenarios, prioritizing certain surveillance and alerts, and producing data-driven insights that make sense to the analyst and investigator. You can display all of this information in an easy-to-understand illustration to streamline consensus building across the organization.

Schemes change, and so do budgets

As criminals adapt their methods, so, too, should fraud software be flexible and able to adapt to the changing nature of information and illicit schemes. This can be done through self-learning capabilities and the versatility of a graphical user interface accompanied by a coding interface, without additional services costs.

Many organizations typically struggle to map software against its total cost of ownership. They’re unable to predict whether and how the application could adapt to monitor new types of fraud and accommodate additional data sources. Other solutions become tightly tethered to a project, making any customization impossible without the software – and requiring additional funding. Ideally, software should empower organizational leadership to properly balance fraud prevention efforts against efficacy and budgeting.

As a solution architect within the SAS Security Intelligence Practice, Jen Dunham is focused on providing expertise and assistance to government teams around the world in addressing various security risks, focusing on insider threat targeting, analytics lead generation, cybercrime, all-source (fusion) analysis and similar applications. As a Certified Fraud Examiner (CFE), she also assists government teams with traditional fraud challenges, focusing on occupational fraud, procurement fraud, and prescription drug monitoring analytics. Dunham served as an all-source intelligence analyst in the US Army for seven years, and has experience with investigations, counterterrorism, counterespionage, counternarcotics, and all-source intelligence analysis.